Let’s Encrypt has officially launched IP‑based TLS certificates, enabling secure HTTPS connections directly to IPv4 and IPv6 addresses — no domain name required. These certificates are short‑lived, valid for just 160 hours (about 6 days).
Why it matters
Traditionally, TLS certificates were tied to DNS names, limiting secure deployments for services operating solely on raw IP addresses. With this launch, Let’s Encrypt expands encryption to:
- Homelabs & self‑hosting setups
- Cloud instances and ephemeral systems
- Internal services & test environments
- IoT and edge devices
This change removes the need to register or maintain a domain just to enable HTTPS.
Why 6‑day certificates?
Let’s Encrypt made IP certificates mandatory short‑lived for two reasons:
- IP addresses change frequently, so frequent re‑validation prevents stale or mis‑issued certificates.
- Shorter lifetimes reduce risk when keys are compromised, avoiding dependence on unreliable revocation mechanisms.
How to get one
Use an ACME client (like Certbot) that supports the shortlived profile and specify your public IP address. Validation works via HTTP‑01 or TLS‑ALPN‑01 challenges.
A win for self‑hosters
This update is a game‑changer for anyone securing services directly by IP. It simplifies HTTPS deployment and improves security for systems where DNS is unnecessary or cumbersome.
Source: Let’s Encrypt announcement
Comments
Submit comment
No comments yet. Be the first to share your thoughts!